A Facebook bug let app developers see photographs users had uploaded, but never posted, the social network said.
For two weeks in September, an error in the way Facebook shares photographs with third parties meant that apps could see not only photos users had posted on their Newsfeed, but also pictures in other parts of the site — on Facebook Stories or Facebook’s Marketplace, for instance.
The bug also “impacted photos that people uploaded to Facebook, but chose not to post,” Facebook developer Tomer Bar said in a statement on Friday.
Importantly, the only applications that had access to the hidden photographs were those to which users had already granted access to all their public photos, through the company’s application programming interface, Bar said.
“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” Bar said.
Users affected are those who had given permission to third-party apps to access their photos through the Facebook log-in function. There is no evidence that the bug led to any large-scale extraction of photos from the site.
“We’re sorry this happened,” Bar added. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”
The error is comparatively minor given Facebook’s scale.
In September, almost five times as many accounts were affected by a data breach in which hackers accessed personal information, including name, relationship status, search activity and recent location check-ins.
“The vulnerability was the result of a complex interaction of three distinct software bugs and it impacted ‘view as,’ a feature that lets people see what their own profile looks like to someone else,” Facebook vice president of product management Guy Rosen said at the time.
“It allowed attackers to steal Facebook access tokens, which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” he added.